Fail2ban
Install common
After installing fail2ban configure:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local vi /etc/fail2ban/jail.local
Add: "enable=true" under each of the services installed. SSH, Apache, Nginx, Vsftp, etc.
Also add the ,23 besides the ssh port for the ssh. See section below.
Restart the service,
systemctl start fail2ban
if it does not restart see the reason:
fail2ban-client -v -v start^
Install Fail2ban on Ubuntu
apt-get install fail2ban sudo service fail2ban restart sudo update-rc.d fail2ban enable
Install Fail2ban on CentOS/Fedora
Instead of installing with yum install fail2ban, use:
yum install fail2ban-server fail2ban-systemd systemctl enable fail2ban systemctl restart fail2ban
The packet fail2ban also installs the Firewalld, which blocks by default all traffic after restarting the server.
Info: http://pkgs.org/centos-7/puias-unsupported-x86_64/fail2ban-server-0.9.2-1.sdl7.noarch.rpm.html
Enable mail
yum install fail2ban-sendmail
Fail2ban when ssh in telnet port
This are no failures in sense of authentication (because login does not take place).
But if you will that yet, just copy /etc/fail2ban/filter.d/sshd.conf into /etc/fail2ban/filter.d/sshd.local and add following to the failregex:
^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$
^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
Add the ,23 besides the ssh port in the /etc/fail2ban/jail.local
[sshd] port = ssh,23